ID

VAR-202201-1695


CVE

CVE-2022-22263


TITLE

Android  Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002959

DESCRIPTION

Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. A permission management vulnerability exists in Android. Information may be tampered with. Samsung Mobile is a mobile phone produced by Samsung of South Korea. The vulnerability is caused by the lack of appropriate permissions for unprotected dynamic receivers in the system. Attackers can use this vulnerability to launch arbitrary activities.

Trust: 2.25

sources: NVD: CVE-2022-22263 // JVNDB: JVNDB-2022-002959 // CNVD: CNVD-2025-02716 // VULMON: CVE-2022-22263

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02716

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: -

Trust: 0.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: samsung, model: select r devices, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02716 // JVNDB: JVNDB-2022-002959 // NVD: CVE-2022-22263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22263
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-22263
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22263
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-02716
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-611
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-22263
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-22263
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2025-02716
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-22263
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-22263
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-22263
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02716 // VULMON: CVE-2022-22263 // JVNDB: JVNDB-2022-002959 // CNNVD: CNNVD-202201-611 // NVD: CVE-2022-22263 // NVD: CVE-2022-22263

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002959 // NVD: CVE-2022-22263

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-611

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-611

PATCH

title: top page, url: https://www.android.com/

Trust: 0.8

title: Patch for Samsung SecSettings Improper Permission Management Vulnerability (CNVD-2025-02716), url: https://www.cnvd.org.cn/patchInfo/show/353921

Trust: 0.6

title: Samsung SMR Jan-2022 Release 1 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178078

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2025-02716 // VULMON: CVE-2022-22263 // JVNDB: JVNDB-2022-002959 // CNNVD: CNNVD-202201-611

EXTERNAL IDS

db: NVD, id: CVE-2022-22263

Trust: 3.9

db: JVNDB, id: JVNDB-2022-002959

Trust: 0.8

db: CNVD, id: CNVD-2025-02716

Trust: 0.6

db: CNNVD, id: CNNVD-202201-611

Trust: 0.6

db: VULMON, id: CVE-2022-22263

Trust: 0.1

sources: CNVD: CNVD-2025-02716 // VULMON: CVE-2022-22263 // JVNDB: JVNDB-2022-002959 // CNNVD: CNNVD-202201-611 // NVD: CVE-2022-22263

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22263

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2025-02716 // VULMON: CVE-2022-22263 // JVNDB: JVNDB-2022-002959 // CNNVD: CNNVD-202201-611 // NVD: CVE-2022-22263

SOURCES

db: CNVD, id: CNVD-2025-02716
db: VULMON, id: CVE-2022-22263
db: JVNDB, id: JVNDB-2022-002959
db: CNNVD, id: CNNVD-202201-611
db: NVD, id: CVE-2022-22263

LAST UPDATE DATE

2025-02-14T23:16:24.640000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-02716, date: 2025-02-12T00:00:00
db: VULMON, id: CVE-2022-22263, date: 2022-01-14T00:00:00
db: JVNDB, id: JVNDB-2022-002959, date: 2023-01-31T06:07:00
db: CNNVD, id: CNNVD-202201-611, date: 2022-01-17T00:00:00
db: NVD, id: CVE-2022-22263, date: 2024-11-21T06:46:30.927

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-02716, date: 2025-02-11T00:00:00
db: VULMON, id: CVE-2022-22263, date: 2022-01-10T00:00:00
db: JVNDB, id: JVNDB-2022-002959, date: 2023-01-31T00:00:00
db: CNNVD, id: CNNVD-202201-611, date: 2022-01-10T00:00:00
db: NVD, id: CVE-2022-22263, date: 2022-01-10T14:12:33.613